On 12-Oct-16 08:16, David Cantrell wrote:
> On Tue, Oct 11, 2016 at 11:14:01AM -0400, Dan Collins wrote:
>> But other modules may work fine with these older versions of the library.
>> And, without testers reporting these failures, you wouldn't know that
>> Crypt::PKCS10 is failing on those platforms!
>> I suspect that you want to probe for the OpenSSL version at the Makefile.PL
>> stage, and if there is an insufficient version, fail there.
> Perhaps `openssl version` is what you need. It looks like the format is
> consistently simple across time:
>   OpenSSL 1.0.1t  3 May 2016
>   OpenSSL 0.9.7e 25 Oct 2004
> Extract the \d+\.\d+\.\d+ bit and compare it to the minimum acceptable
> in Makefile.PL, and exit(0) before writing Makefile if it's too ancient.
Yes, except that there are several streams, among which features and
patches get backported semi-randomly.
E.g. 1.0.1b may have something that 1.0.2j doesn't.  Though it will
probably appear in 1.0.2(j+delta).

About the only thing to do is test a function; if it produces the
correct result on known input, it can be used.

That's where I ended up.  Except that I have to test another module that
calls OpenSSL and guess why it fails.

As for checking on security patches - that's too much trouble.  My
advice: keep up with patches, or suffer :-(


BTW, I currently print qx/openssl version/ - which is how I discovered
this swamp.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply via email to